SharePoint Vulnerability: Microsoft Hit with Attack
A critical vulnerability in Microsoft’s SharePoint software has been exploited by hackers, potentially affecting thousands of organizations worldwide. Cybersecurity firm Palo Alto Networks revealed that the exploit is actively being used in the wild, posing a significant threat to businesses and government entities.
The Nature of the Threat
The vulnerability, identified as CVE-2025-53770, allows attackers to impersonate users or services, even after the SharePoint server has been patched. This means that even organizations that have attempted to secure their systems may still be at risk.
“The exploits are real, in-the-wild and pose a serious threat,” stated Palo Alto Networks.
Microsoft has confirmed that the attack specifically targets on-premises SharePoint servers, not those hosted in the cloud, such as Microsoft 365. SharePoint is widely used by global businesses for document storage and collaboration.
How the Exploit Works
Researchers at European cybersecurity firm Eye Security, who first identified the flaw, explained that the vulnerability’s persistence is particularly concerning. Once exploited, attackers can gain elevated privileges and maintain access.
The interconnected nature of SharePoint servers with other Microsoft services like Outlook and Teams amplifies the risk. Eye Security researchers warned that a breach could “quickly” lead to widespread data theft and password harvesting.
“Once inside, they’re exfiltrating sensitive data, deploying persistent backdoors, and stealing cryptographic keys,” said Michael Sikorski, CTO and head of threat intelligence for Palo Alto’s Unit 42. “The attackers have leveraged this vulnerability to get into systems and are already establishing their foothold.”
The full extent of the compromise is still being assessed, but the potential for widespread impact is significant given SharePoint’s prevalence.
In a separate incident, Alaska Airlines briefly halted its ground operations for approximately three hours on Sunday due to an IT outage. The airline lifted the ground stop around 2 a.m. EST. It remains unclear whether this outage was connected to the SharePoint vulnerability.
Microsoft has been contacted for additional comment and information regarding the ongoing situation. Organizations utilizing on-premises SharePoint servers are strongly advised to review Microsoft’s security guidance and implement recommended mitigation strategies promptly.
